Data Processing Agreement (DPA)

This Agreement complements the Terms of Use and applies when a clinic/professional (“Client”) uses MedixaLink to process personal data of patients and/or personnel. For the purposes of this Agreement, the Client acts as Controller and MedixaLink (Blade Link Company) acts as Processor.

1. Object and Instructions

MedixaLink will process personal data solely to provide the service and in accordance with the Client's documented instructions (including product configurations and support requests). The Client is responsible for determining the legal basis for data processing, including health (sensitive) data.

2. Confidentiality

MedixaLink authorized personnel are subject to confidentiality duties. Access is limited by operational necessity.

3. Subprocessors

MedixaLink may use providers (“subprocessors”) to operate infrastructure (hosting, database, email, monitoring). MedixaLink will impose on such subprocessors data protection obligations equivalent to this Agreement. The updated list of subprocessors will be informed upon Client request.

4. Security

MedixaLink implements reasonable technical and organizational measures, such as: encryption in transit (TLS), role-based access controls, tenant segregation, audit logs, backups, and incident monitoring. More detail at Security.

5. International Transfers

Since infrastructure providers may operate in different jurisdictions, there may be international data transfer. In that case, MedixaLink will apply reasonable contractual safeguards in accordance with applicable regulations (e.g., contractual clauses or other mechanisms).

6. Client Assistance

MedixaLink will reasonably assist the Client to respond to data subject requests (access, rectification, deletion, portability, etc.) and to comply with security obligations, to the extent applicable and technically feasible.

7. Security Incidents

Upon detection of an incident compromising personal data, MedixaLink will notify the Client without undue delay and provide reasonable information to support investigation and mitigation.

8. Return/Deletion

Upon termination of the service, MedixaLink will allow data export and, in accordance with Client instructions, delete or anonymize data, unless retention is required by law or necessary for legitimate claims.

9. Audits

The Client may request reasonable information about security controls. On-site audits will only be performed for justified cause, with reasonable notice and subject to confidentiality, frequency limitation, and without affecting operations.

10. Contact

Inquiries about this Agreement: info@bladelink.company.